Re: theoretical question - can root's username be changed?

On Fri, Dec 02, 2005 at 09:16:35AM -0600, Nix, Robert P. wrote:
>  
> 
> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Craig White
> Sent: Thursday, December 01, 2005 9:36 PM
> To: For users of Fedora Core releases
> Subject: Re: theoretical question - can root's username be changed?
> 
> On Thu, 2005-12-01 at 21:46 -0500, Claude Jones wrote:
> > On Thu December 1 2005 9:31 pm, Mike McCarty wrote:
> > > Claude Jones wrote:
> > > > Subject line says it all...
> > ----
> > Best to save feeble attempts of security through obscurity for Windows. 
> >
> > Create another user and you can set that user's uid to 0 if you wish.
> 
> Practical experiences:
> 
> First, our Unix team maintains uid 0 accounts for all the team members on each Unix / Linux / AIX box we support. Many actions can be taken during system installs or problems via these accounts, and we retain some accountability for who has been on the box touching things. Also, we each have our own password, so if the root password is changed for some reason and we don't all know about it, we can still get in and do some (possibly all) of our work.
> 
> Note that having multiple uid 0 users will, in itself, break some things. SuSE's user maintenance program will not tolerate multiple users having the same uid (0 or otherwise). The way we've gotten around that is by using LDAP authentication, and defining the additional uid 0 users in LDAP. This way SuSE's tool does not see the "error".
> 
> Some vended products MUST be installed via root (not another uid 0 account). Something in the install checks for root, and aborts the install if using some other userid. Others must run as root.
> 
> The su - command is specific to the root userid. You can su to other uid 0 users, but you have to specify the userid to do it. So if you removed root, then you've removed the ability to use the "su -" command.
It is my day to be picky. The su - command still works, but it just
needs a user-id as an argument. I don't want it missed that:
su foo is not the same as su - foo.
-------------------------------------------
Aaron Konstam
Computer Science
Trinity University
telephone: (210)-999-7484
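
An added example, not part of the original thread: the quoted message describes keeping several uid 0 accounts, some defined in LDAP so that a local tool does not see them, so this script lists every uid 0 account and every shared UID from passwd-format input. The account names in the sample are constructed; on a real host, feed it `getent passwd` rather than `/etc/passwd` so that NSS sources such as LDAP are included.

```shell
#!/bin/sh
# Added example (not from the thread): find accounts that share a UID.
# Both functions read passwd(5)-format lines on stdin.

# Constructed sample data; all account names are made up.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
# comment lines and malformed lines are skipped
alice_adm:x:0:0:Alice (admin):/home/alice_adm:/bin/bash
bob_adm:x:00:0:Bob (admin):/home/bob_adm:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
carol:x:1001:1001:Carol:/home/carol:/bin/bash
dave:x:1001:1002:Dave:/home/dave:/bin/bash
broken:x::0::/:/bin/false'

# Print the name of every account whose UID is numerically 0
# ("00" counts too), in input order.
uid0_accounts() {
    awk -F: '
        /^#/ || NF < 7 || $3 !~ /^[0-9]+$/ { next }
        $3 + 0 == 0 { print $1 }
    '
}

# Print "uid:name1,name2,..." for every UID held by more than one
# account, sorted by UID. This is the condition the quoted message
# says some user-maintenance tools refuse to accept.
shared_uids() {
    awk -F: '
        /^#/ || NF < 7 || $3 !~ /^[0-9]+$/ { next }
        {
            uid = $3 + 0
            if (uid in names) names[uid] = names[uid] "," $1
            else              names[uid] = $1
            count[uid]++
        }
        END { for (u in count) if (count[u] > 1) print u ":" names[u] }
    ' | sort -t: -k1,1n
}

# Run over the constructed sample. On a live system use instead:
#   getent passwd | uid0_accounts
echo "uid 0 accounts:"
printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts
echo "shared UIDs:"
printf '%s\n' "$SAMPLE_PASSWD" | shared_uids
```

If the directory is reached through sssd, enumeration has to be enabled for LDAP-defined accounts to show up in `getent passwd`.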

